In software design and development, the key to moving faster is a collection of operating principles and practices known as CI/CD, which combines continuous integration (CI) and continuous delivery (CD). CI/CD allows software development teams to deliver code changes more frequently and more reliably, and thus more quickly address the needs of the business and its customers.
Continuous integration is a coding philosophy and set of practices designed to drive development teams to make small changes and check in code to version control repositories on a frequent basis. Given that most applications today require that teams develop code using different platforms and tools, teams need a way to integrate and validate their changes.
The aim of continuous integration is to create a consistent and automated way to build, package, and test software applications. Having consistency in the integration process enables development teams to implement code changes more often, and this leads to enhanced collaboration and software quality.
Continuous delivery, which follows continuous integration, automates the delivery of applications to selected infrastructure environments. Most development teams today work in multiple environments in addition to production, including testing environments, and continuous delivery makes sure that there’s an automated way to push code changes to these various environments.
Continuous integration and continuous delivery require continuous testing, because the goal is to deliver high quality and secure applications and code to end users. Continuous testing is often deployed as a set of automated regression, performance, and other tests that are executed within the pipeline.
CI and CD together (CI/CD) encompass a culture, a set of operating principles, and a collection of practices that accelerate the software development process. The implementation is also known as the CI/CD pipeline and is considered one of the best practices for devops teams.
Industry experts say more organizations are implementing CI/CD as they look to enhance the design, development, and delivery of software applications to be used internally or by customers.
“We’re definitely seeing a rise in the use of CI/CD,” says Sean Kenefick, vice president and analyst at research firm Gartner. “I personally get questions about continuous development, testing, and release all of the time.”
Gartner’s recent “Agile in the Enterprise” surveys show that more teams are doing agile development, and agile teams have significantly higher implementation rates for continuous integration, automated acceptance testing, and devops, Kenefick says.
“I think that CI is the natural starting point for creating automated pipelines, and that is the area where teams tend to start out,” Kenefick says. “The more difficult aspects of CD are the need for automated testing and the re-architecture of applications, so that small bits of functionality can be tested and released in isolation.”
Virtually all of the new software projects that cloud consultancy ServerCentral Turing Group is involved in are using some degree of CI/CD, says Josh Quint, senior director of cloud solutions.
Among the core drivers behind this trend are that serverless computing infrastructure requires CI/CD integration; security requirements demand limited or no log-ins from developers into production infrastructure; and agile methods require a higher speed of deployment and testing cycles, Quint says.
CI/CD has become a mainstream strategy for many organizations involved in development.
“Technical feats such as continuous integration, comprehensive automated testing, and continuous delivery that at one time could only be mastered by hip, trendy startups are now being successfully performed by traditional enterprises,” says Hasan Yasar, technical director, continuous deployment of capability, at the Software Engineering Institute (SEI) at Carnegie Mellon University.
Here are some recommended practices for implementing and maintaining a CI/CD strategy.
Get key stakeholders involved in CI/CD early on
It’s a good idea to have early involvement by all development project stakeholders as close to the inception of the project as possible, Yasar says.
“The major benefit is participation by all stakeholders during each phase of the project for development decision,” Yasar says. For instance, IT operations personnel will have a say in architectural decisions, so developers can be developing on an infrastructure that has been approved by IT.
“This should be done with all decisions with all types of stakeholders, so that all major decisions can be made with experts in the room,” Yasar says. “This practice greatly decreases the amount of technical debt that generally builds throughout the project life cycle.”
Choose and implement the right CI/CD system—and keep implementing
The CI/CD systems on the market can provide concrete value for organizations, and their use signals how healthy an engineering/product organization is, says Josh Komoroske, senior devops engineer at container security technology provider StackRox.
“If building, testing, and deploying new features becomes trivial, then [an] organization’s ability to respond to change is improved tremendously,” says Komoroske, who oversees StackRox’s CI/CD pipeline. “If it takes weeks or even months to get something in front of your customers, some other business will come along who can and will do it better.”
But companies need to do sufficient research when looking into software that enables CI/CD processes. “Have whomever is in charge of the technical direction, longevity, or health of a product dedicate some time to researching the ecosystem and the solutions available,” Komoroske says. “Have them solicit input from the developers of that product. They will be the main customer of the CI/CD system, as they’ll be dealing with it daily.”
Once an organization has selected such systems, it needs to avoid the problem of disuse. “Most of these solutions have free trials, and can be integrated with platforms like GitHub,” Komoroske says. “Set up an integration and have it start building something. Automate a build, a test, or a deploy. When people see these systems providing value to their workflow, they will naturally begin migrating more tasks onto them.”
Combine thorough automated testing with manual approvals
Continuous delivery is basically made up of four major components, Kenefick says:
- Re-architecting for isolation
- Test automation
- Creating an automated process pipeline
- Automating the provisioning and configuration of environments
“These four components are fairly general and there are many individual practices that may be required to fulfill them,” he says.
For instance, in order to automate testing, teams would focus on test-first methodologies that reinforce the creation of automated unit and functional tests; create sets of automated regression, performance, and security testing; and have automated tests that ensure that environments and orchestration platforms have been configured properly.
“There isn’t any one set of that testing that is more important than the rest—it’s all important,” Kenefick says. “And should be combined with other quality practices like using static analysis tools, ensuring that peer reviews occur through pull requests, and the use of continuous integration pipelines,” Kenefick says.
Make sure there are manual approval steps at critical junctures in the deployment process, Quint says. “Manual approval steps prevent untested or unapproved code from getting into production or higher testing environments,” he says. “This also gives you control over the timing at which the code hits key environments.”
Track metrics to ensure success with CI/CD
As with most other technology and process deployments, CI/CD is not a “set it and forget it” proposition.
“Have insight into things like time and flakiness for your build/test/deploy cycles,” Komoroske says. “Identify areas and opportunities for optimization and improvement. Fast is better than slow, but reliability and correctness trumps speed.”
CI/CD processes and the associated tools should be considered ”force multipliers,” Komoroske says, paying off in terms of reduced engineering, testing time, and feature time to market.
Organizations can achieve measurable improvements in development and engineering by adopting CI/CD, and they should measure these enhancements and make comparisons of performance over time.
“Devops is built on the premise of continuous learning and improving, which is overlooked by most organizations early in the adoption of CI/CD,” says Farid Roshan, head of engineering at collaboration software provider Altimetrik. Companies should conduct data inventories on CI/CD tools to help determine the key performance indicators, performance objectives, and analytics to be measured throughout the devops process, he says.
Understand the business drivers for adopting CI/CD—and think in terms of future needs
It’s important for an organization to understand why it actually needs to adopt CI/CD, so that it can allow its development teams to build the necessary competency to make sure that key objectives are being achieved.
“When done correctly, CI/CD can improve developer productivity, delivery framework optimization, operational efficiency, and agile transformation,” Roshan says.
First generation CI/CD platforms were developed as an orchestration service, which connects processes across the product lifecycle to increase productivity, Roshan says. However, such a platform might not produce a strong return on investment (ROI) depending on the time required to develop code.
“Modern CI/CD capabilities adopt modular architecture that allows for ‘plug-and-play’ adoption models, and pipeline configurability to support various delivery frameworks,” Roshan says. Proper implementation of the pipeline as code enables engineering teams to develop advanced functions that meet the current needs of the business. But it’s also important to predict future requirements.
“Develop CI/CD capabilities for your business’s targeted future state,” Roshan says. “Adoption of devops CI/CD in silos based on existing processes will lead to fragmentation in [tool adoption], lack of standardization, and will provide minimal ROI for enabling delivery agility. This misstep can have a cascading effect across the enterprise.”
Automate everywhere it makes sense
As part of CI/CD, organizations should automate what can be automated and clearly delineate the things that cannot be automated, Yasar says. “Automation is one of the pillars of devops, and is one of the major benefits gained from a devops implementation that enables CI/CD,” he says.
The agile-devops approach SEI recommends is made possible by the practice of “infrastructure as code” (IaC)—the management of infrastructure components such as networks, virtual machines, and load balancers using the same versioning methods devops teams use for source code—and by automating various environments.
“The organization can employ processes and practices to enable IaC including configuration management, environment provisioning, and beyond,” Yasar says. “The objective is to treat all automated procedures as code, which [is] stored in a secure version control system.”
Ideally, the infrastructure code is stored in the same repository as the application code, where the operations team and other stakeholders can access it anytime.